How much does security factor into your buying decisions? [Roundtable]

How the AC staff thinks about security when they're buying cool stuff.

There are plenty of reasons to want a new phone or cool tech gadget, and everyone has different reasons. And of course, there are plenty of phones and cool tech gadgets to buy. We find the right gadget for the right reasons and lighten our wallets.

In the midst of all the talk about specs and software and updates and cameras and everything else about the next great Android phone, you'll see a few people talking about security. Security can mean different things to different people but I think everyone considers it while they're deciding what to buy. Even if they don't realize they're doing it. The iris scanning tech on the Galaxy S8 is a security feature. See? You were thinking about it after all.

How important should security be when you're deciding which phone to buy? That's the question this week, and we went around the table to see what your Android Central staff thinks.

Andrew Martonik

Security absolutely weighs into my buying decision when it comes to any sort of connected electronic device I buy — particularly with a phone — but it isn't at the top of my list of importance. I entirely understand that we live in a world where most (if not all) of the electronics we use and love have security vulnerabilities, and in knowing that I'm willing to use devices even though I can't independently confirm that they are completely secure from all types of exploits.

Yes, that means I buy or continue to use devices that have potential vulnerabilities, but in my case, I'm choosing to use them knowing that my interaction with the device may not be safe from all angles. I have no misconceptions about the potential insecurity of my data on such devices and make changes to my use of them accordingly. But at the same time, I recognize the extreme usefulness of these consumer electronics and continue to use them because I see a net benefit despite their potential insecurity.

Daniel Bader

When I buy a phone, or a connected camera, or a car, security is, like, the third thing I think about. But that's because it's something I build into my decision — I take for granted that I am thorough enough in my research to get a product from a company that takes security seriously.

Regular updates and quick patches mean a lot.

But unlike Jerry, that doesn't mean security trumps other considerations, since I am not quite as security-conscious as he is. I rely on a few basic rules: the device or product must be updated regularly; in the case of something like a smart light bulb or security camera, it needs to be from a company that has a history of patching security holes. Nest, for instance, took over six months to patch a recent exploit in its security camera, and while it was ultimately patched, that slow turnaround time means I may think twice before purchasing another product from them.

In the case of a smartphone, I buy phones that will receive regular updates and security patches. Obviously, I'll test many phones, but I will usually go back to phones from Google, BlackBerry or Samsung, since they have the best track record of monthly, or at least regular, patches. Similarly, I now take such security into consideration when choosing a carrier; my current carrier, Rogers, is fairly bad about pushing security patches to its Android phones, so I am considering switching to Telus, which is better known for such things.

Florence Ion

It's easy for me to say that security doesn't necessarily factor into my buying decisions because, frankly, it's not the first thing I think of when I'm buying a gadget. And I think that's because I trust myself enough, and the experience I have buying technology for nearly two decades, to stick with brands and operating systems that I know I can trust.

Of course, sometimes that backfires on us. Sometimes there's an exploit, and I'm getting an email from Adobe, for instance, saying that it had to reset my password because of a security breach. Or, I hear of a text messaging scam going around that installs some sort of virus on your Android device. I try to stick to "the rules" — updating software and avoiding spam, for instance — to keep those type of predators at bay. It's worked so far.

I don't run ad blockers or virus scanners on my Android device, but I do try to do my research, even if it's merely for a new app I'm downloading from the Play Store. I may not realize that I'm doing that for security purposes, but I think that's because I've reached the point where I'm instinctively looking out for it anyway.

Jerry Hildenbrand

It's the first and most important consideration when I buy any connected thing.

Would you buy a front door that has no lock?

Security and Privacy are two very different things, but privacy depends on security. I wouldn't want someone to come into my home when I'm not there, so I lock the door. Locking the door wouldn't be very helpful if anyone who wanted to get in could download the key to it.

I'm not carrying around any national secrets on my phone. In fact, nothing I have on my phone would be important to anyone else. I would probably unlock it and hand it to you if you wanted or needed to look at something. I just want all the looking to be on my terms and not someone else's. The company who can offer that is where I start looking when I'm buying.

Ask yourself if you would want a random stranger reading your email and looking through all your photos. If you said no, then security matters for you, too.

Your take

What about you? Do you think about security when you buy connected things? If so, how important is it to you?

Let everyone know your thoughts in the comments down below.

Reader comments

How much does security factor into your buying decisions? [Roundtable]

Security doesn't factor at all in my purchasing decision of a smartphone. Not that I don't care about it but because they all already include basic security features that make the device secure enough for my needs. Then again I'm not like most in that I don't use a smartphone for anything of sensitive nature; basically just web browsing and an occasional email. No personal pictures or anything financial what-so-ever (only my locked down PC and home network are trusted for such things!).

I'm not buying an Android phone unless the vendor commits to regular security updates. And I'm not buying from a phone from a carrier unless they also make that commitment. Regular updates hopefully means monthly, but I am willing to compromise and accept a commitment to deliver security updates within 2 months of their release date.

Security updates are different from version upgrades. I'd like to get regular version upgrades as well, but no commitment on security updates is a deal breaker for me.

Anyone that places top priority on having a secure device and thinks that because they buy from a trusted manufacturer and their device is always at the latest patch level is a fool. If you're okay with what is essentially the 80/20 rule when it comes to your device's security, then that's a decent strategy.

If u buy a Google tagged phone ur always first in the queue for security updates so I'm not following u. Enjoy your 80/20 rule. Some of us enjoy the peace of mind of actually getting timely security updates.

I'm saying that buying a google phone and keeping it up the latest patch level IS living by the 80/20 rule. Granted, it's the best option for most that doesn't require more technical means of protection or veer too far into most people's tolerance for inconvenience.

Since coming out of the security industry, both physical and electronic processing security, BlackBerry was always my first option, because their reputation and history with security and privacy. Even today, when they are basically selling Android phones on steroids, in terms of security, they are my first option. Even though I am using a Dtek60, I am eager to see what they come up with next after the KEYone.

Security / Privacy is paramount. I'm with Jerry on this one. I have nothing to hide but if you want to walk into my digital house wanting to rummage through my stuff then you should first be authorised to do so and it should be with my consent.

Blackberry all the way. And after installing any new app I first go to check every single app permission and disable those I do not feel comfortable with. If this cripples the app's functionality then I do not need the app. The only exception being WhatsApp where I do not like how many times it goes through my contact database (a few thousand times a day) but I give in since its the only app which allows cross platform ease of communication with practically all the contacts I wish to communicate with by way of messaging, voice or video.

VPN is always on when connecting to any public network and also in countries I travel to where I am not comfortable with overall rules on respect for privacy.

I could care less about the security updates. The steps you need to go through to actually get one of these "viruses/bugs" is ridiculous, and if you manage to do so you are a real winner. Im not saying it can't happen I've just never known or met anybody that got a bad virus or bug on their device. And I have known a lot of people from all over the country being military.

First thing I do on a new phone is set up a lock code or fingerprint lock and turn off on screen notifications. I only download apps from the official store. I guess this means I am fairly security concious.

Security is pretty important to me and is playing a big part in which phone I choose since I'm looking to upgrade right now. I don't much care about the version of Android as much as I care about the security patches. My first thought is the manufacturer's reputation for security updates and then how popular the brand is with alternate ROMs so that I can continue to get monthly patches for a while after the manufacturers give up. I still like to play with my phone more than Apple will allow so I stick with Android.

I'm with Jerry's perspective on this. HOWEVER, I do not actively look at security when picking up a device. I do have some ground rules on life in general though:

- I only buy from companies I trust;
- I do NOT buy from companies based on mainland China;
- I do use an antivirus on Android (because, well, it comes free with the one I use on my Windows machines anyway);
- I use all the available security protocols I'm offered (fingerprint to unlock apps, two-step verification, complicated and long passwords etc)

However, thinking about smartphones in particular, I don't really care if the phone gets the monthly security updates. And if the phone's software does all I want it to do, I don't even care if it gets updated at all. For example, I couldn't care less if the S7 I currently use hadn't received Nougat. Security updates etc are on the bottom of my priorities when picking up a phone to be honest. But also because of the four things I listed above.

I relate to numerous points, but it really depends on the kind of device and situation. For phones, I'm mostly with Andrew with a hint of Jerry. I want to experience cutting edge and great features. Sadly, in such a profitable world, those aren't always found with top-notch security. When I buy a phone with security vulnerabilities, I know, and I make sure to avoid it if possible.

With devices such as smart watches or other connected devices, I'm more with Daniel in that I kinda just trust my instincts and don't think much about it, but also because I don't use the devices much.

That said, I regularly scrub my connected services and logins on Google, Facebook, Evernote, etc, and disable old logins and devices from time to time, even if I'm still using them, just to get a fresh start and feel more secure.

With devices like laptops or desktops, however, I'm much more on the side of Jerry. Those are things I'm going to be storing sensitive and/or important documents on. If I don't know the brand, its history, its statements on the device, the other companies involved, the works... I don't want it. There are few exceptions.

Security is definitely up there. I don't necessarily care about OS feature updates at this point. But I would like to see timely security updates and will support a company that does it regularly. Which is very few it seems. I'm not caring national secrets or whatever, but I do not want myself, or anyone I know, fall victim to a security flaw. And I want to see updates for longer than 1yr from first sale day. I want to see at least 1 yr from last sale date.. ideally 2yrs (again, talking about security updates). Basically, Apple and Google sit at the top of this list. I think the international versions of the S lineup have been decent as well? I'd like to see that more in the US.

Moto... was good. Seems ok now, but I don't think the G3 is updated anymore? I have to double check.

When I decided to jump ship and head from iOS to Android security was my biggest concern and why I went with a Nexus 5x on Google Fi. A good but not great phone but I never need worry about updates being timely. I'll trade off some features and performance for security peace of mind any day.

I would like to believe I'm a security-forward buyer.
But as you said, security can definitely mean different things to different people.

I owned an iPhone3g, a DroidX, a Nexus4, then Nexus6.
From my experience with the iPhone and DroidX, I decided I would never buy a non-nexus Android device again.
I have stuck to that decision for the last ~5 years, and don't expect that to change anytime soon.
I also avoid most IoT devices like the plague. Very few IoT companies have even demonstrated a desire to attempt to secure their devices, much less the technical expertise to actually do so. I also don't expect that to change anytime soon...

Very important decision when buying a new phone. Looking forward to a new all touch BlackBerry, even though the KeyOne is looking like a nice upcoming device, I personally don't need the PKB. Currently using the Priv, Blackberry is a pioneer when it comes to security, been around way longer than iOS and Android, they're the Originals.

Honestly, the software that Cellbrite sells to most Governments can crack and copy any Android phone in about 4 minutes .. even the Nexus/Pixel. It can do this to over 55 Samsung phones regardless of patch level as well. I have a Nexus 6P that I'll use as a daily drive but frankly if I'm traveling overseas I'm taking my iPhone 7+. Cellbrite can crack the iPhone 6/6+ but it takes about 4hrs. They have yet to do this to the 6S/6S+ or the 7's.

I get folks want to install 3rd party roms, get root and do all kinds of monkeying around but frankly .. Google and their OEM's need to start thinking about security a lot more and I'm not talking patch levels for the OS but real security. I know that the iPhone 7 isn't impregnable but I'm going to make it as hard as I can for them to invade my privacy.

4 minutes, 4 hours, what's the difference (besides the 3hrs and 56mins) if they can do it at all? I always say that when it comes to software, all bets are off when it comes to security, no matter if it's iOS, W10m, or Android, no matter if it's TrueCrypt or bitlocker, no matter if it's Samsung Knox or whatever. If it's software, somebody somewhere can break in. Remember when the FBI was trying to gain access to that terrorist's iPhone, and all those Apple people were boasting about how they'll never gain access? Well, we all know how that turned out, don't we? You can't guarantee bug-free software, so you can't guarantee that an exploit won't exist for someone to abuse. Reminds me of all those video game companies putting DRM on their games, hoping to stop people from pirating their products. That stuff NEVER works, and somebody ALWAYS finds a way to get around it.

All those people using iPhones and W10m boasting about their "impenetrable security" need to get it through their heads that it's a false sense of security.

I don't think that people concerned about their security are worried too much about having their phones seized by government agency. It's mostly about feeling safer when it comes to random hacking online or in cases when they lose their phones.
If it's in the right hands, there is no impenetrable device.

Security is within the top 5 things that I consider in a device. I usually consider the ability to customize (not ROMs--mostly apps and appearance), processor+RAM, camera, security, and NFC (for NFC payments).

It isn't pride that keeps me from buying iPhones. It's that everything is locked down (which can be good or bad, but to me, it's more bad than good) and I like to have a little more control over what my device is doing than most. For my family members who aren't very tech savvy, I say go for the iPhone (and let the Genius folks support you).

I detest bloatware--either from the manufacturer or the carrier--so vanilla Android is where I've been putting my hard-earned money the last few years.

I'm also a strong believer in common sense when it comes to electronics and being online, and I stick to the Play Store and very mainstream apps. I'm one of those nuts that actually reads the permissions explanations... Anyway, I'm very pleased that Nexus and Pixel get monthly updates. For the security issues that are waaaaay beyond my level of understanding, I like knowing that Google tries to address those issues in a fairly timely manner (at least for the Google devices).

I used to be a Motorola fan, but the last few years have not been good for them in terms of product support and updates have been noticeably slow--especially given that they put out a pretty "pure" Android OS (which should take LESS resources to keep up to date). I hope they can improve on those topics as I like the looks of their devices and the modular idea is pretty neat.

Honestly I don't think about it too much for smartphones mostly because I haven't personally experienced much for malware and security breaches on phones. Working in IT I see it all the time on PC's so I'm much more concerned when it comes to the PC.

I have been using Nexus and Pixel phones for the last few years so you can't get much better for Android security than that, but it's not why I've been buying these phones.

Android actually is pretty good about security, but it gets a lot of bag press. It's actually about on par with the iPhone, and most phones get more security patches and more frequently than the iPhone.

Just because Sammy isn't cutting edge on OS updates doesn't mean that they're not fairly good with security patches. They are decent. Why are you with Android if the current OS is dragging you so far down? I like that Sammy puts out a product with a tested OS so I don't have to find all of the bugs.

Wow the Gs6 got Nougat? I have the complete opposite response, I think that's pretty impressive! Not many 2 year old phones are getting major updates like that, and some newer phones haven't even gotten Nougat yet. Plus Samsung seems to be better than LG and other phone makers as well. But like others have said, its the security patches that are really the most important thing.